list_access_denied_events
Identify recent unauthorized access attempts in AWS by retrieving Access Denied events from CloudTrail logs.
Instructions
Lists recent Access Denied or Unauthorized events from CloudTrail.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| limit | No | Number of events to return. | 20 |
Implementation Reference
- src/index.ts:1866-1903 (handler): handler for the `list_access_denied_events` tool. It fetches the 50 most recent CloudTrail events with `LookupEventsCommand`, parses each event's `CloudTrailEvent` JSON string to extract `errorCode` and `errorMessage`, keeps only events whose error code is `AccessDenied`, `Client.UnauthorizedOperation`, or contains `Unauthorized`, truncates the result to `limit`, and returns it as formatted JSON text.

  ```typescript
  // Excerpt from src/index.ts. `name`, `args`, `cloudTrailClient` and
  // `LookupEventsCommand` (from @aws-sdk/client-cloudtrail) are defined
  // elsewhere in the same file.
  if (name === "list_access_denied_events") {
    const limit = (args as any)?.limit || 20;
    // LookupEvents doesn't natively support filtering by 'AccessDenied' error code
    // via LookupAttributes (it only allows specific keys such as EventName or Username).
    // Best approach: fetch recent events and client-side filter for ErrorCode.
    const command = new LookupEventsCommand({
      MaxResults: 50 // Fetch a bit more to filter
    });
    const response = await cloudTrailClient.send(command);
    // LookupEvents output does not expose errorCode as a top-level field;
    // the full record is in the 'CloudTrailEvent' JSON string.
    const deniedEvents = response.Events?.map(e => {
      let errorCode = "N/A";
      let errorMessage = "N/A";
      if (e.CloudTrailEvent) {
        try {
          const json = JSON.parse(e.CloudTrailEvent);
          // Successful calls carry no errorCode, so this may set undefined;
          // the `e.ErrorCode &&` guard in the filter below drops those.
          errorCode = json.errorCode;
          errorMessage = json.errorMessage;
        } catch (err) {
          // Malformed record: keep the "N/A" placeholders, which the filter rejects.
        }
      }
      return {
        EventTime: e.EventTime,
        EventName: e.EventName,
        Username: e.Username,
        ErrorCode: errorCode,
        ErrorMessage: errorMessage
      };
    }).filter(e => e.ErrorCode && (
        e.ErrorCode === "AccessDenied" ||
        e.ErrorCode === "Client.UnauthorizedOperation" ||
        e.ErrorCode.includes("Unauthorized")))
      .slice(0, limit) || [];
    return {
      content: [{ type: "text", text: JSON.stringify(deniedEvents, null, 2) }]
    };
  }
  ```

  Caveats a user of this tool should keep in mind: only the 50 most recent events are scanned and `NextToken` is never followed, so `limit` is an upper bound rather than a guarantee; on a busy account the tool can return far fewer than `limit` denied events even when more exist in the lookback window. The exact-match branch only catches the literal `AccessDenied` code, so service-specific variants such as `AccessDeniedException` (used by KMS, Lambda, Secrets Manager and others) are missed, while the `includes("Unauthorized")` branch catches the EC2-style `UnauthorizedOperation` codes. `LookupEvents` also only returns management events for the client's region over the last 90 days, not data events or other regions, and is rate-limited to two calls per second per account and region.
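The filtering step above, written so that it pages through `LookupEvents` results until `limit` denied events are collected and matches the whole family of authorization-failure error codes. This is an added example, not the project's own code: the page fetcher is injected (in the real tool it would wrap `cloudTrailClient.send(new LookupEventsCommand({ MaxResults: 50, NextToken }))`), and `toDeniedEvent`, `collectDeniedEvents`, `PageFetcher`, `SAMPLE_PAGES` and `sampleFetcher` are names chosen for this illustration. The sample pages are constructed, not real CloudTrail output.

```typescript
// Added example: client-side Access Denied filtering over paged CloudTrail
// LookupEvents output. Not the project's code. The fetcher is injected so the
// block runs offline; in production it would call the CloudTrail SDK.

interface LookupEvent {
  EventTime?: Date;
  EventName?: string;
  Username?: string;
  CloudTrailEvent?: string; // full event record as a JSON string
}

interface LookupPage {
  Events?: LookupEvent[];
  NextToken?: string;
}

interface DeniedEvent {
  EventTime?: Date;
  EventName?: string;
  Username?: string;
  ErrorCode: string;
  ErrorMessage: string;
}

// CloudTrail errorCode values for authorization failures vary by service:
// S3/IAM/STS use "AccessDenied", many services use "AccessDeniedException",
// EC2 uses "Client.UnauthorizedOperation". Match the family, not one literal.
const DENIED_PATTERN = /AccessDenied|Unauthorized/;

function isDenied(errorCode: string | undefined): boolean {
  return typeof errorCode === "string" && DENIED_PATTERN.test(errorCode);
}

// Parse one LookupEvents entry; returns null unless it is an auth failure.
function toDeniedEvent(e: LookupEvent): DeniedEvent | null {
  if (!e.CloudTrailEvent) return null;
  let record: { errorCode?: unknown; errorMessage?: unknown } = {};
  try {
    record = JSON.parse(e.CloudTrailEvent);
  } catch {
    return null; // malformed record: skip it rather than abort the listing
  }
  const errorCode = typeof record.errorCode === "string" ? record.errorCode : undefined;
  if (!isDenied(errorCode)) return null;
  return {
    EventTime: e.EventTime,
    EventName: e.EventName,
    Username: e.Username,
    ErrorCode: errorCode as string,
    ErrorMessage: typeof record.errorMessage === "string" ? record.errorMessage : "N/A",
  };
}

type PageFetcher = (nextToken?: string) => Promise<LookupPage>;

// Keep paging until `limit` denied events are collected, the pages run out,
// or `maxPages` is reached (LookupEvents is rate-limited, so cap the scan).
async function collectDeniedEvents(
  fetchPage: PageFetcher,
  limit: number,
  maxPages = 10,
): Promise<DeniedEvent[]> {
  const denied: DeniedEvent[] = [];
  let token: string | undefined;
  for (let page = 0; page < maxPages; page++) {
    const res = await fetchPage(token);
    for (const e of res.Events ?? []) {
      const d = toDeniedEvent(e);
      if (d) denied.push(d);
      if (denied.length >= limit) return denied;
    }
    token = res.NextToken;
    if (!token) break;
  }
  return denied;
}

// Constructed sample pages (not real CloudTrail output).
function rec(errorCode?: string, errorMessage?: string): string {
  return JSON.stringify({ eventVersion: "1.08", errorCode, errorMessage });
}
const SAMPLE_PAGES: LookupPage[] = [
  { Events: [
      { EventName: "GetObject", Username: "ci-deploy", CloudTrailEvent: rec("AccessDenied", "Access Denied") },
      { EventName: "DescribeInstances", Username: "ci-deploy", CloudTrailEvent: rec() },
      { EventName: "Decrypt", Username: "analyst", CloudTrailEvent: rec("AccessDeniedException", "User is not authorized") },
      { EventName: "ListBuckets", Username: "unknown", CloudTrailEvent: "{not json" },
    ], NextToken: "p2" },
  { Events: [
      { EventName: "RunInstances", Username: "intern", CloudTrailEvent: rec("Client.UnauthorizedOperation", "You are not authorized") },
      { EventName: "AssumeRole", Username: "svc", CloudTrailEvent: rec("AccessDenied", "not authorized to perform: sts:AssumeRole") },
    ] },
];
const sampleFetcher: PageFetcher = async (token) => SAMPLE_PAGES[token === "p2" ? 1 : 0];

// Usage: collectDeniedEvents(sampleFetcher, 20).then(events => console.log(JSON.stringify(events, null, 2)));
```

Over the sample pages, `collectDeniedEvents(sampleFetcher, 20)` yields four events (the successful `DescribeInstances` call and the malformed record are dropped), while `collectDeniedEvents(sampleFetcher, 2)` stops after the first page with exactly two. Widening the match to `AccessDeniedException` is what makes the KMS `Decrypt` denial visible; the page's equality check on `AccessDenied` would not report it.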
- src/index.ts:537-548 (registration): tool registration in the ListTools response, including name, description and input schema. The input schema itself (lines 540-548) declares the single optional `limit` parameter.

  ```typescript
  {
    name: "list_access_denied_events",
    description: "Lists recent Access Denied or Unauthorized events from CloudTrail.",
    inputSchema: {
      type: "object",
      properties: {
        limit: {
          type: "number",
          description: "Number of events to return (default: 20)."
        }
      }
    }
  },
  ```